This is an early attempt at creating Rubocop rules, similar to Rubocop-RSpec, for blocking dangerous code. This code is based heavily upon the Rubocop-RSpec code released under the MIT License.
Installation
Just install the rubocop-gitlab-security gem

    gem install rubocop-gitlab-security

or, if you use Bundler, put this in your Gemfile

    gem 'rubocop-gitlab-security'

Usage
You need to tell RuboCop to load the Gitlab-Security extension. There are three ways to do this:
RuboCop configuration file
Put this into your .rubocop.yml.

    require: rubocop-gitlab-security

Now you can run rubocop and it will automatically load the RuboCop Gitlab-Security cops together with the standard cops.
Command line

    rubocop --require rubocop-gitlab-security

Rake task

    RuboCop::RakeTask.new do |task|
      task.requires << 'rubocop-gitlab-security'
    end

Inspecting specific files
By default, rubocop-gitlab-security inspects all files. You can override this setting in your config file by specifying one or more patterns:

    # Inspect all files
    AllCops:
      GitlabSecurity:
        Patterns:
        - '.+'

    # Inspect only controller files.
    AllCops:
      GitlabSecurity:
        Patterns:
        - app/controllers/**/*.rb

The Cops
All cops are located under lib/rubocop/cop/gitlab-security, and contain examples/documentation.
In your .rubocop.yml, you may treat the Gitlab-Security cops just like any other cop. For example:

    GitlabSecurity/PublicSend:
      Exclude:
      - 'spec/**/*'

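
The page names the PublicSend cop without describing it. The following is an added example, not code from the gem, and it assumes the cop targets dynamic dispatch through public_send and similar calls; the Report class, the render_* helpers and ALLOWED_ACTIONS are hypothetical names. It shows the pattern next to an allowlisted replacement that leaves no dynamic dispatch to flag.

```ruby
# Added illustration; every class, method and constant name is hypothetical.
class Report
  def initialize(rows)
    @rows = rows
  end

  def count
    @rows.size
  end

  def total
    @rows.sum
  end

  # Public but destructive: must never be reachable from request input.
  def purge!
    @rows.clear
    :purged
  end
end

# Flagged pattern (assumed cop behaviour): the method name comes straight
# from caller-controlled input, so every public method becomes reachable.
def render_unsafe(report, action)
  report.public_send(action)
end

# Hardened form: permitted input strings map to explicit calls, so the
# input selects an entry in a fixed table instead of naming a method.
ALLOWED_ACTIONS = {
  'count' => ->(r) { r.count },
  'total' => ->(r) { r.total }
}.freeze

def render_safe(report, action)
  handler = ALLOWED_ACTIONS.fetch(action.to_s) do
    raise ArgumentError, "unsupported action: #{action.inspect}"
  end
  handler.call(report)
end
```

Excluding 'spec/**/*' as in the configuration above only silences the cop in test code; application code such as render_unsafe would still be reported.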
Contributing
- Fork it
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create new Merge Request
License
rubocop-gitlab-security is MIT licensed. See the accompanying file for the full text.